https://bugs.kde.org/show_bug.cgi?id=433485

Alois Wohlschlager <alo...@gmx-topmail.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDSINFO                   |REPORTED
         Resolution|WAITINGFORINFO              |---

--- Comment #3 from Alois Wohlschlager <alo...@gmx-topmail.de> ---
Your session is running on X11; otherwise xinput would complain that it can
only eavesdrop on Xwayland.

Apparently gksudo tries to grab keyboard and mouse input, which supposedly
prevents eavesdropping via the XTest extension. Daniel Stone seems to confirm this
on the Wayland mailing list [1]. However, I tested with gksudo on Ubuntu 12.04
now and "xinput test" does register the keystrokes corresponding to the
password.

I have now set this bug back to reported, as I think all relevant information
has been supplied.

Even implementing the grab in the polkit agent will not protect you in your
threat model, as at least the impersonation attack still works. You want to run
untrusted apps in containers without access to your home directory or any real
GUI system.

[1]: https://lists.freedesktop.org/archives/wayland-devel/2012-February/002176.html
